API tools faq
paste
Advertisement
enos

otentikasi.php

enos
Jul 31st, 2013
124
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.13 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. include'includes/db.php';
  3.  
  4. session_start();
  5.  
  6. function anti_injection($data){
  7.   $filter = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data,ENT_QUOTES))));
  8.   return $filter;
  9. }
  10.  
  11.  
  12. //tangkap data dari form login
  13. $email = $_POST['username'];
  14. $password = $_POST['password'];
  15. $pass=md5($password);
  16.  
  17. //untuk mencegah sql injection
  18. //kita gunakan mysql_real_escape_string
  19. $email = anti_injection($email);
  20. $pass = anti_injection($pass);
  21.  
  22. //cek data yang dikirim, apakah kosong atau tidak
  23. if (empty($email) && empty($pass)) {
  24.     //kalau username dan password kosong
  25.     header('location:signin.php?error=1');
  26.     break;
  27. } else if (empty($email)) {
  28.     //kalau username saja yang kosong
  29.     header('location:signin.php?error=2');
  30.     break;
  31. } else if (empty($pass)) {
  32.     //kalau password saja yang kosong
  33.     header('location:signin.php?error=3');
  34.     break;
  35. }
  36.  
  37.  
  38. // pastikan username dan password adalah berupa huruf atau angka.
  39. if (!ctype_alnum($pass)){
  40. //echo '<div class="alert alert-danger">Sekarang tidak bisa di injeksi halaman login nya bro <img src="img/senyum.gif"></div>';
  41.  
  42.  echo '<div class="errormsgbox" style="color: #D8000C;background-color: #FFBABA;background-image: url(img/error.png);background-repeat: no-repeat;background-position: 10px center;font-weight:bold;width:450px;border: 1px solid;margin: 0 auto;padding:10px 5px 10px 50px; ">Sekarang tidak bisa di injeksi halaman login nya bro <img src="img/senyum.gif"> </div>';
  43. }
  44. else {
  45. $q = mysql_query("select * from users where email='$email' and password='$pass'");
  46. $ketemu = mysql_num_rows($q);
  47. $r = mysql_fetch_array($q);
  48. $uid=$r['uid'];
  49. $email=$r['email'];
  50.  
  51. if ($ketemu == 1) {
  52.     $_SESSION['uid']=$uid;
  53.     //kalau username dan password sudah terdaftar di database
  54.     //buat session dengan nama username dengan isi nama user yang login
  55.     session_register('username');
  56.     $_SESSION['username'] = $email;
  57.     $_SESSION[full_name]    = $r[full_name];
  58.     //$name = $_SESSION['full_name'];
  59.    
  60.     //redirect ke halaman index
  61.     header('location:home.php');
  62. } else {
  63.     //kalau username ataupun password tidak terdaftar di database
  64.     header('location:signin.php?error=4');
  65. }
  66. }
  67. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!